9.8

CVE-2025-15111

Exploit

Ksenia Security lares Home Automation 1.6 Default Credentials Vulnerability

Ksenia Security lares (legacy model) version 1.6 contains a default credentials vulnerability that allows unauthorized attackers to gain administrative access. Attackers can exploit the weak default administrative credentials to obtain full control of the home automation system.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
KseniasecurityLares Firmware Version1.6
   KseniasecurityLares Version4.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.53% 0.405
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
disclosure@vulncheck.com 9.3 0 0
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
disclosure@vulncheck.com 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-259 Use of Hard-coded Password

The product contains a hard-coded password, which it uses for its own inbound authentication or for outbound communication to external components.

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5927.php
Third Party Advisory
Exploit
https://packetstorm.news/files/id/190180/
Third Party Advisory
https://www.kseniasecurity.com/
Product
https://www.vulncheck.com/advisories/ksenia-security-lares-home-automation-default-credentials-vulnerability
Third Party Advisory